[Dnsmasq-discuss] Bug report: authoritative zone transfers for PTR domains
daniel at basezen.com
Fri Jan 31 20:05:07 GMT 2020
Somehow one always finds essential information after sending out an e-mail to a mailing list.
The manpage indeed states:
> Note that at present, reverse (in-addr.arpa and ip6.arpa) zones are not available in zone transfers, so there is no point arranging sec-
> ondary servers for reverse lookups.
So I revise my report to a bug in the man page, since the workaround is worth mentioning.
I’ll work on a patch.
> Le 31 janv. 2020 à 14:52, Daniel Bromberg <daniel at basezen.com> a écrit :
> Hello from a list new-comer.
> Consider running on the network 10.0.0.0/8, serving DHCP on that subnet, and wishing to publish both the forward and reverse zones to secondary caching servers: example.com <http://example.com/> and 0.0.0.10-in-addr.arpa.
> While dnsmasq creates and serves individually the necessary PTR records given an auth-zone option:
> auth-zone=example.com <http://example.com/>,10.0.0.0/8,lan0,br0
> it does not believe it's authoritative for the PTR zone.
> The workaround is to add:
> auth-zone=0.0.10.in <http://0.0.10.in/>-addr.arpa,lan0,br0
> The logic in the startup code is simple: the authoritative zones are exactly the set encountered in the options file; nothing else is implied. What results is inconsistency, because dnsmasq essentially lies by supplying an authoritative claim via NS and SOA records on 0.0.10.in <http://0.0.10.in/>-addr.arpa then refuses to do a zone transfer.
> There seems to be little interest in reverse DNS zone transfers; this workaround is not found in the manage or anywhere I could find.
> On ServerFault: https://serverfault.com/questions/929891/how-to-let-dnsmasq-transfer-a-reverse-zone/1001286#1001286 <https://serverfault.com/questions/929891/how-to-let-dnsmasq-transfer-a-reverse-zone/1001286#1001286>
> Kind regards,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dnsmasq-discuss